CVE-2022-37934

moderate-risk

Published 2023-01-05

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Do I need to act?

0.56% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

NETWORK / LOW complexity

Affected Products (10)

Officeconnect 1820 24G Poe\+ \(185W\) Switch J9983A Firmware

Officeconnect 1820 48G Poe\+ \(370W\) Switch J9984A Firmware

Officeconnect 1820 8G Poe\+ \(65W\) Switch J9982A Firmware

Officeconnect 1820 8G Switch J9979A Firmware

Officeconnect 1850 24G 2Xgt Firmware

Officeconnect 1850 24G 2Xgt Poe\+ Firmware

Officeconnect 1850 2Xgt\/Spf\+ Firmware

Officeconnect 1850 48G 4Xgt Firmware

Officeconnect 1850 48G 4Xgt Poe\+ Firmware

Officeconnect 1850 6Xgt Firmware

Affected Vendors

Hp Hpe

References (2)

Vendor Advisory https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate